This is helpful. Can the convenience release contain unaproved or unclear licenses if they are explicitely laid out as per the package metadata?
I have found many of our JS lib have unclear licenses. Strings like "MIT or GPL" or "BSD*" which when digging means something like "BSD with LLVM clause". Seems like we'd have to spend a fair amount of time digging through all this and asking maintainers for clarifications. It seems like we may just have to bail on a convenience release. On Wed, Sep 5, 2018, 2:15 PM Justin Mclean <jmcl...@apache.org> wrote: > Hi, > > > For context, Superset ships as a Python [Flask] backend and a Javascript > > frontend web app. Currently we distribute a package on Pypi that contains > > minified Javascript bundles. > > Minified javascript may not be considered source code, which an Apache > release must contain. > > > From my understanding we can't really ship just our code or binaries and > > have people fetch the rest of the deps and build/install it, can we? > > I don't see why not. Think of a typical Java project using maven, when you > do a "mvn compile" it will go and download any dependancies that you don't > have. > > > If that was the case, the Superset Apache release could really just be a > > tarball with source and and an installation script that would fetch all > the > > deps and build the JS. Would that work? > > Sure as long as there clear instructions and the user would typically have > the build tools needed installed. > > But even if you did do this, your convenience binary would still have to > follow ASF licensing policy. [1] > > Thanks, > Justin > > 1. http://www.apache.org/dev/licensing-howto.html#binary >